Following a Sunday Times report, Wi5 founder and CEO, Prask Sutton, comments:
“It’s recently come to light that companies collecting data for restaurants and pubs to help them fulfil their contact-tracing duties are harvesting that confidential customer information to sell on. Legal experts are warning of a “privacy crisis” caused by these companies passing on customers’ data to marketers, credit companies, insurance brokers and who knows who else.
“The use of QR codes to enable contact-tracing and mobile Order & Pay is relatively new, so it’s hugely disappointing, if not entirely unexpected, that several companies have been caught behaving in a highly irresponsible way, and in the process, tarnishing the reputation of reputable tech companies responsibly serving the hospitality industry.
“The pandemic has changed the operational procedures for pubs and restaurants, with many operators embracing digital solutions for the first time; often without necessarily understanding the implications of handling digital data. The Government guidelines say data should be kept by the business for just 21 days and must not be used “for any purposes other than for NHS Test and Trace”. That software providers are taking advantage of both operators and consumers by unnecessary acquiring and retaining customer data is highly immoral. Creating privacy policies that in some cases openly declare that such information may be stored for up to 25 years is nothing short of ludicrous. Neither the operator nor the customer benefits from this — only the provider, whose sole purpose for engaging in this type of abhorrent behaviour is to generate more profit for themselves, regardless of the true cost.
“As a business, we’ve worked tirelessly to maintain our industry-leading infosec credentials. We’re the only mobile Order & Pay solution with ISO/IEC 27001 accreditation and, with no log-in or registration process to use our software, don’t hold any non-essential customer data.
“We strongly advise that any business using digital services review the privacy policies and information security credentials of their service providers, challenging them on anything that seems unreasonable.”